CVE-2008-3906: Input Validation
First published: Thu Sep 04 2008(Updated: )
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu Mono | =1.2.4 | |
| Ubuntu Mono | =1.2.1 | |
| Ubuntu Mono | =1.9 | |
| Ubuntu Mono | =1.2.6 | |
| Mono | =1.1.13.4 | |
| Mono | =1.1.13 | |
| Mono | =1.0 | |
| Mono | =1.1.8.3 | |
| Ubuntu Mono | =1.2.3 | |
| Mono | =1.1.17.1 | |
| Mono | =1.2.5.1 | |
| Mono | =1.1.18 | |
| Mono | =1.0.5 | |
| Ubuntu Mono | =1.2.5 | |
| Mono | =1.1.13.7 | |
| Ubuntu Mono | <=2.0 | |
| Mono | =1.1.17 | |
| Ubuntu Mono | =1.2.2 | |
| Mono | =1.1.4 | |
| Mono | =1.1.13.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2008/08/27/6
- https://bugzilla.novell.com/show_bug.cgi?id=418620
- http://www.securityfocus.com/bid/30867
- http://secunia.com/advisories/31643
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:210
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0286
- http://secunia.com/advisories/36494
- http://www.vupen.com/english/advisories/2008/2443
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44740
- https://usn.ubuntu.com/826-1/
- http://www.securityfocus.com/archive/1/496845/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-3906?
CVE-2008-3906 has a high severity rating due to its potential to allow malicious HTTP response splitting attacks.
How do I fix CVE-2008-3906?
To fix CVE-2008-3906, it is recommended to upgrade to a patch version of Mono that addresses this CRLF injection vulnerability.
Which versions are affected by CVE-2008-3906?
CVE-2008-3906 affects Mono versions up to 2.0, including known versions such as 1.0 through 1.9.
What type of attacks can CVE-2008-3906 lead to?
CVE-2008-3906 can lead to HTTP response splitting attacks, which may allow attackers to inject arbitrary HTTP headers.
Who is impacted by CVE-2008-3906?
Any application using the affected versions of Mono for web-based services is at risk of exploitation through CVE-2008-3906.
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mono project
- canonical/ubuntu mono
- version/ubuntu mono/1.2.4
- version/ubuntu mono/1.2.1
- version/ubuntu mono/1.9
- version/ubuntu mono/1.2.6
- vendor/mono
- canonical/mono
- version/mono/1.1.13.4
- version/mono/1.1.13
- version/mono/1.0
- version/mono/1.1.8.3
- version/ubuntu mono/1.2.3
- version/mono/1.1.17.1
- version/mono/1.2.5.1
- version/mono/1.1.18
- version/mono/1.0.5
- version/ubuntu mono/1.2.5
- version/mono/1.1.13.7
- version/ubuntu mono/2.0
- version/mono/1.1.17
- version/ubuntu mono/1.2.2
- version/mono/1.1.4
- version/mono/1.1.13.6